NEWS FROM THE LAB - Monday, March 30, 2009

Conficker Hype Used by Rogue Gangs Posted by Patrik @ 20:20 GMT

Oh the irony.

As you're all aware Conficker has been in the news a lot lately, especially with regards to if anything will happen on April 1st or not. We found out that rogue security software folks have picked up on this. For example, let's have a look at remove-conficker.org, a domain which was registered today:


They advertise a tool called MalwareRemovalBot. It's fake. Interestingly, it doesn't always find non-existing malware infections on your PC — only sometimes. But one thing is for sure, it does not remove Conficker.C. We tried it and it didn't do a thing to remove it.

When it did find something that it claimed to be malware it looked like this:

MalwareRemovalBots scanning

And then it asked us to register and pay $39.95 for the removal functionality.

MalwareRemovalBots purchase

When following up on this we did a Google search for "remove conficker.c" and saw several purchased ads that lead to the same type of "security" software as well.

Google search for Conficker.C

Like AdwareAlert and AntiSpy2009, it is clear that it's an affiliate program going on.

Rogue software

Get your facts from known sites and download your removal tools from respected companies. Such as ours which you can find here.